8ed5018d8b
This commit supports synchronization of Identity Group Resource from central cloud to subclouds. The dcorch audit makes use of dbsync service to handle creation, modification and deletion of the groups and the user group memberships. It also handles the the grant and revocation of group role assignments. Tests executed: 1) Initial sync - Verify in subcloud DB that users, groups,user-group memberships and project assignments are synced as expected - Add/Delete new users to existing subcloud groups - Add/Delete role assigments for existing subcloud groups - Update group information for existing subcloud groups - Update information of existing users belonging to existing groups - Verify behaviour on subclouds which have additional identity groups (i.e. superset of SystemController); which may have been created by admin user for that subcloud 2) Execute all the above test cases as a part of dcorch audit 3) Execute all the above test cases using proxy 4) Execute all the above test cases in a larger env Change-Id: Ic6c5794be39ec93edc769e72b2a2d53eaba3ecc3 Signed-off-by: Jessica Castelino <jessica.castelino@windriver.com> Closes-Bug: 1942939
api
DC DBsync API is Web Server Gateway Interface (WSGI) application to receive and process API calls, including keystonemiddleware to do the authentication, parameter check and validation. It receives API calls from DC Orchestrator to read/write/update resources in Databases on behalf of DC Orchestrator. The API calls are processed in synchronous way, so that the caller will wait for the response to come back.
Multiple DC DBsync API could run in parallel, and also can work in multi-worker mode.
Multiple DC DBsync API is designed and run in stateless mode.
Setup and encapsulate the API WSGI app
- app.py:
-
Setup and encapsulate the API WSGI app, including integrate the keystonemiddleware app
- api_config.py:
-
API configuration loading and init
- enforcer.py
-
Enforces policies on the version2 APIs